Latest Crypto related questions

Score: 1
arunkumaraqm
Step-by-step working out with example input for NIST Hash Functions like SHA-1, SHA-2, and SHA-3

I am working on doing a naive Python implementation of SHA-1, SHA-2, and SHA-3 and I need to test and debug because the hash result right now is not correct.

I have found a step-by-step working out of SHA-256 here. https://docs.google.com/spreadsheets/d/1mOTrqckdetCoRxY5QkVcyQ7Z0gcYIH-Dc0tu7t9f7tw/edit#gid=1025601888

Can somebody link me a step-by-step working out of SHA-1, SHA-2, and SHA-3 for an ex ...

Score: 1
Looking for a (partly) anonymous signature
jjj

I am looking for a way to sign a document, so that everyone could verify that one person out of a group did, but only a special person and/or the group could know who signed it.

Let's say, X chooses a group G of people (it can be assumed that everyone has some kind of known public key). Then a member Y of G should be able to sign a document such that everyone can verify that it was signed by someone  ...

Score: 0
David Rusu
Notation question: Dividing 2 Elliptic Curve Points producing a third point

I'm working my way through some papers and ran across what seems to be division of two points that produce a third point. I'm new to ECC and am having a terrible time trying to figure out what this notation means, any thoughts?


This is from the BLS paper: https://crypto.stanford.edu/~dabo/pubs/papers/aggreg.pdf

Point division appears on pages

  • 6 (A potential attack on aggregate signatures)
  • 18 (Ring Si ...
Score: 1
zkSnark: Converting R1CS to QAP

I am reading through Vitalik Buterin's page on R1CS & QAP - https://medium.com/@VitalikButerin/quadratic-arithmetic-programs-from-zero-to-hero-f6d558cea649

I understood up to the part where he gets

$A=\begin{pmatrix} 0&1&0&0&0&0 \\ 0&0&0&1&0&0 \\ 0&1&0&0&1&0 \\ 5&0&0&0&0&1 \\ \end{pmatrix}$

$B=\begin{pmatrix}  ...

Score: 0
Is it better to XOR rounds or just to make round by round in cipher?
Tom

Let's consider we have keyed PRNGs and we want to build a cipher. What is better:

  • to xor let's say ten such generators with some input as a plaintext (every generator got different key, but the same input),
  • make 10 rounds, in which every generator output is new input to the next generator.

We see that usually ciphers have a round design. Is it because this is better?

Score: 0
DBenson
ElGamal, message > p

Assume that we have:

p = 89
g = 5
public key: 17
private key: 73

If we try to encrypt message M = 53 (M < p), then we get (c1, c2) == (55, 67) and the message then decrypts correctly.

However, if we try to encrypt message M = 91 (M > p), then we get (c1, c2) == (44, 57) and decryption of the message then fails (got "2" as the result).

There are 3 questions:

  • Why does it happen?
  • Is it possible to recov ...
Score: 0
untitled
Matrix formulation of Number-theoretic transforms (NTT)

I have two polynomials over a finite field. I am trying to compute the product of these polynomials using Number-theoretic transforms. For my use case, it makes sense to do this in the matrix form.

What is the matrix formulation of the NTT and inverse-NTT? Does it differ from the DFT and inverse-DFT matrices?

Score: 1
Modifying discrete logarithm problem in Zp by selecting a subset of group elements

Let $g$ be a generator of the cyclic group $Z_p$ of order $p-1$, where $g$ can generate all group elements $\alpha \in Z_p$ as $\alpha = g^x \bmod p$, $x \in (0..p-1)$, where the discrete logarithm problem is hard, i.e. computing $x = \log_g a$.

Suppose we instantiate a cryptographic system with the above parameters (e.g. an encryption scheme or a digital signature scheme), but with the modification of only  ...

Score: 0
seboll13
Decrypting a ciphertext in ElGamal's cryptosystem

I am a student in computer science currently working on a problem set in cryptography (practical problem but stuck on the math part).

Basically, suppose we receive a message that has been encrypted using ElGamal's crypto system and our goal is to decrypt and completely recover the message.

The initial plaintext is a sequence $p_1p_2\ldots p_m$. We are given a hashed version of the public key SHA256

Score: 0
Vigenere Decryption with key length

I have a question. If I have 2 ciphertexts given and the same key has been used on both. The key length is the same as the plaintext and ciphertext length. How do I decrypt them and find the key? So far I know that c1 + c2 = p1 + p2.

Score: 0
arsenne lupulupin
Solving a discrete log with BsGs

If we consider a group G with modulus p, order q with $p = 2q + 1$, and generator $g = 2$ ($p$, $q$ huge prime numbers), is there a way to solve the discrete log problem $g^x = y$ for a given $y$, using the baby-step giant-step algorithm AND the fact that $x$ is of the form $x = \sum_{i=0}^{10} \alpha_i \cdot 2^i$, $\alpha_i \in \mathbb{N}$, without requiring to store all small steps in a hashtable, which is ...

Score: 1
IngIng
One time pad, Proof for a problem

We know 2 plaintexts of length L and 2 ciphertexts of length L (we don't know which one belongs to which), assuming each given ciphertext is generated by encrypting one of the given plaintexts by XOR'ing (aka exclusive or) with the same key of length L (we don't know the key). The question is asking me to prove that, if the key is uniformly picked from the space defined by the length L, there exists no program  ...

Score: 1
Titanlord
KPA-Security definition

In cryptography there are 4 basic attack classifications:

  • Ciphertext-Only Attack
  • Known-Plaintext Attack
  • Chosen-Plaintext Attack
  • Chosen-Ciphertext Attack

In Katz & Lindell's textbook (2nd edition) I only found definitions for COA-, CPA- and CCA-Security. I couldn't find a definition and experiment for KPA-Security. In general I wasn't able to find a good definition.

My questions:

  • Can someone p ...
Score: 5
mactep Cheng
How to decide if a point on an elliptic curve belongs to a group generated by a generator g?

In the elliptic curve encryption scheme, there is a cyclic group generated by a base point $G$ on the elliptic curve.

Given a random point on the elliptic curve, is there a way to decide if the random point is in the group or not?
